TY - GEN
T1 - SecDir
T2 - 46th International Symposium on Computer Architecture, ISCA 2019
AU - Yan, Mengjia
AU - Wen, Jen Yang
AU - Fletcher, Christopher W.
AU - Torrellas, Josep
N1 - Funding Information:
This work was funded in part by NSF under grants CCF-1725734 and CNS-1816226, and by an Intel Strategic Research Alliance (ISRA) grant.
Publisher Copyright:
© 2019 ACM.
PY - 2019/6/22
Y1 - 2019/6/22
N2 - Directories for cache coherence have been recently shown to be vulnerable to conflict-based side-channel attacks. By forcing directory conflicts, an attacker can evict victim directory entries, which in turn trigger the eviction of victim cache lines from private caches. This evidence strongly suggests that directories need to be redesigned for security. The key to a secure directory is to block interference between processes. Sadly, in an environment with many cores, this is hard or expensive to do. This paper presents the first design of a scalable secure directory. We call it SecDir. SecDir takes part of the storage used by a conventional directory and re-assigns it to per-core private directory areas used in a victim-cache manner called Victim Directories (VDs). The partitioned nature of VDs prevents directory interference across cores, defeating directory side-channel attacks. The VD of a core is distributed, and holds as many entries as lines in the private L2 cache of the core. To minimize victim self-conflicts in a VD during an attack, a VD is organized as a cuckoo directory. Such a design also obscures the victim's conflict patterns from the attacker. For our evaluation, we model with simulations the directory of an Intel Skylake-X server with and without SecDir. Our results show that SecDir has a negligible performance overhead. Furthermore, SecDir is area-efficient.
AB - Directories for cache coherence have been recently shown to be vulnerable to conflict-based side-channel attacks. By forcing directory conflicts, an attacker can evict victim directory entries, which in turn trigger the eviction of victim cache lines from private caches. This evidence strongly suggests that directories need to be redesigned for security. The key to a secure directory is to block interference between processes. Sadly, in an environment with many cores, this is hard or expensive to do. This paper presents the first design of a scalable secure directory. We call it SecDir. SecDir takes part of the storage used by a conventional directory and re-assigns it to per-core private directory areas used in a victim-cache manner called Victim Directories (VDs). The partitioned nature of VDs prevents directory interference across cores, defeating directory side-channel attacks. The VD of a core is distributed, and holds as many entries as lines in the private L2 cache of the core. To minimize victim self-conflicts in a VD during an attack, a VD is organized as a cuckoo directory. Such a design also obscures the victim's conflict patterns from the attacker. For our evaluation, we model with simulations the directory of an Intel Skylake-X server with and without SecDir. Our results show that SecDir has a negligible performance overhead. Furthermore, SecDir is area-efficient.
KW - Cache-coherence directories
KW - Cuckoo hashing
KW - Side-channel attacks
UR - http://www.scopus.com/inward/record.url?scp=85069499600&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85069499600&partnerID=8YFLogxK
U2 - 10.1145/3307650.3326635
DO - 10.1145/3307650.3326635
M3 - Conference contribution
AN - SCOPUS:85069499600
T3 - Proceedings - International Symposium on Computer Architecture
SP - 332
EP - 345
BT - ISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 June 2019 through 26 June 2019
ER -